IPhone passwords 'shockingly easy' to steal from iOS users

IPhone passwords 'shockingly easy' to steal from iOS users

IPhone passwords 'shockingly easy' to steal from iOS users

As Krause notes, fewer than 30 lines of code can be used to make a very convincing phishing dialog. That's the case put forward by app developer Felix Krause, who has written a proof-of-concept breakdown of malicious lookalike pop-ups.

The developer explains it is incredibly easy for an iOS app maker to recreate the Apple ID password prompt.

iOS asks users for their passwords for many reasons, but the most common ones are recently installed iOS operating system updates or iOS apps that are stuck during installation.

'However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases.

He says it's possible for criminals to programme apps to run certain code only after Apple has approved it for a spot in the App Store, and that the scheme works because iOS has "trained" users to automatically enter their details without questioning a popup's legitimacy.

Disney Shelves Jack and the Beanstalk Animated Film Gigantic
Apparently the studio got to the point where the creative process has hit a wall and they are "ending active development for now". The film was originally set to be released in 2020 and would have featured Jack making friends with a female giant child.

Trailer released for Demi Lovato's YouTube doc
Are you excited to watch Demi's documentary? Demi is now enjoying incredible success with her sixth album, Tell Me You Love Me . Lovato recently talked to The Hollywood Reporter about wanting to show fans an intimate, personal aspect of her life.

Advantage Oil & Gas Ltd (NYSE:AAV) Under Analyst Spotlight
The stock of Advantage Oil & Gas Ltd (USA) (NYSE:AAV) earned "Outperform" rating by Credit Suisse on Friday, October 14. The Highland Capital Management Llc holds 251,014 shares with $36.15 million value , down from 254,478 last quarter.

"This could easily be abused by any app..." That being said, it should be pointed out that this phishing method isn't exactly new and that Apple usually checks apps for this before being accepted to the App Store. So, what can you do to protect yourself now?

For example, rather than use a login popup, Apple could request iPhone users to input their username and password into the Settings section of their phone.

Even if you have two-factor authentication (2FA), what's to stop an app developer from asking for your 2FA key as well? More likely to happen is his suggestion that Apple change the design of its system prompts to include an extra icon that indicates it's an official request.

But what if that pop-up hasn't come from Apple, and has instead been created to look like an official request in an attempt by hackers to steal your credentials?

Latest News